From "C# Advanced Programming (Third Edition)" · HTM code · 183 lines · page 1 of 3
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">PrintingPermission</span><span style="FONT-FAMILY: 宋体">: the ability to print</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">ReflectionPermission</span><span style="FONT-FAMILY: 宋体">: the ability to use </span><span lang="EN-US">System.Reflection</span><span style="FONT-FAMILY: 宋体"> to discover type information at run time</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">RegistryPermission</span><span style="FONT-FAMILY: 宋体">: the ability to read, write, create and delete registry keys and values</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">SecurityPermission</span><span style="FONT-FAMILY: 宋体">: the ability to execute, assert permissions, call unmanaged code, skip verification, and exercise other rights</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">ServiceControllerPermission</span><span style="FONT-FAMILY: 宋体">: the ability to control </span><span lang="EN-US">Windows</span><span style="FONT-FAMILY: 宋体"> services</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">SocketPermission</span><span style="FONT-FAMILY: 宋体">: the ability to make or accept </span><span lang="EN-US">TCP/IP</span><span style="FONT-FAMILY: 宋体"> connections on a network transport address</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">SQLClientPermission</span><span style="FONT-FAMILY: 宋体">: the ability to use the </span><span lang="EN-US">.NET</span><span style="FONT-FAMILY: 宋体"> data provider for </span><span lang="EN-US">SQL Server</span><span style="FONT-FAMILY: 宋体"> to access </span><span lang="EN-US">SQL Server</span><span style="FONT-FAMILY: 宋体"> databases</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">UIPermission</span><span style="FONT-FAMILY: 宋体">: the ability to access the user interface</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">WebPermission</span><span style="FONT-FAMILY: 宋体">: the ability to connect to the </span><span lang="EN-US">Web</span><span style="FONT-FAMILY: 宋体"> or accept </span><span lang="EN-US">Web</span><span style="FONT-FAMILY: 宋体"> connections</span></p>
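<p class="MsoNormal"><span style="COLOR: black; FONT-FAMILY: 宋体">With each of the permission classes above, it is usually possible to specify a deeper level of granularity. For example, one of the examples later in this chapter requests not just file access but a specific level of file access.</span></p>
<p class="MsoNormal"><span style="COLOR: black; FONT-FAMILY: 宋体">In practice, if you use the resources associated with the permissions listed above, it is best to wrap that code in </span><span lang="EN-US" style="COLOR: black">try…catch</span><span style="COLOR: black; FONT-FAMILY: 宋体"> error-handling blocks so that the application copes gracefully when it runs under restricted permissions. The design of the application should specify how it behaves in these circumstances, and should not assume that it runs under the same security policy under which it was developed. For example, if the application cannot access the local disk, should it exit, or should it work in some alternative way?</span></p>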
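<p class="MsoNormal">Added example (not from the book): one way to structure the fallback described above on .NET Framework, trying the local disk first and dropping to isolated storage when the policy raises SecurityException. The class name SettingsStore, the path C:\Temp\settings.txt and the file name settings.txt are hypothetical.</p>

```csharp
using System;
using System.IO;
using System.IO.IsolatedStorage;
using System.Security;
using System.Security.Permissions;

// Added example, not from the book. Names and paths are hypothetical.
static class SettingsStore
{
    // Assumed: C:\Temp exists and is writable when the code is fully trusted.
    const string LocalPath = @"C:\Temp\settings.txt";

    // Returns where the text ended up, so the caller can tell the user.
    public static string Save(string text)
    {
        try
        {
            // Demand exactly the access level needed (write, one file) up front,
            // so a denial surfaces here and not halfway through the operation.
            new FileIOPermission(FileIOPermissionAccess.Write, LocalPath).Demand();
            File.WriteAllText(LocalPath, text);
            return "local disk";
        }
        catch (SecurityException)
        {
            // Restricted policy: no local file IO. Continue with the fallback.
        }
        try
        {
            // Isolated storage needs only IsolatedStorageFilePermission.
            using (IsolatedStorageFile store = IsolatedStorageFile.GetUserStoreForDomain())
            using (Stream stream = new IsolatedStorageFileStream("settings.txt", FileMode.Create, store))
            using (StreamWriter writer = new StreamWriter(stream))
            {
                writer.Write(text);
            }
            return "isolated storage";
        }
        catch (SecurityException)
        {
            // Not even isolated storage is granted: keep running without saving.
            return "not saved";
        }
    }

    static void Main()
    {
        Console.WriteLine("Settings saved to: " + Save("theme=dark"));
    }
}
```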
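<p class="MsoNormal"><span style="COLOR: black; FONT-FAMILY: 宋体">An assembly will be associated with several code groups; in the security policy, the effective permissions of an assembly are the union of the permissions of all the code groups to which it belongs. That is, every code group an assembly matches extends the assembly's permissions. In the code group tree, code groups further down have somewhat more permissions than the code groups above them.</span></p>
<p class="MsoNormal"><span style="COLOR: black; FONT-FAMILY: 宋体">Based on the identity of the code, the </span><span lang="EN-US" style="COLOR: black">CLR</span><span style="COLOR: black; FONT-FAMILY: 宋体"> can grant a code group another set of permissions, but these permissions cannot be granted to a code group explicitly. They relate directly to the evidence the </span><span lang="EN-US" style="COLOR: black">CLR</span><span style="COLOR: black; FONT-FAMILY: 宋体"> has gathered about the assembly, and are called </span><span lang="EN-US" style="COLOR: black">Identity Permissions</span><span style="COLOR: black; FONT-FAMILY: 宋体">. The names of the identity permission classes are:</span></p>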
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">PublisherIdentityPermission</span><span style="FONT-FAMILY: 宋体">: the software publisher's digital signature</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">SiteIdentityPermission</span><span style="FONT-FAMILY: 宋体">: the name of the </span><span lang="EN-US">Web</span><span style="FONT-FAMILY: 宋体"> site the code came from</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">StrongNameIdentityPermission</span><span style="FONT-FAMILY: 宋体">: the assembly's strong name</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">URLIdentityPermission</span><span style="FONT-FAMILY: 宋体">: the </span><span lang="EN-US">URL</span><span style="FONT-FAMILY: 宋体"> the code came from (including the protocol, for example </span><span lang="EN-US">http://)</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">ZoneIdentityPermission</span><span style="FONT-FAMILY: 宋体">: the zone the assembly came from</span></p>
<p class="MsoNormal"><span style="COLOR: black; FONT-FAMILY: 宋体">Permissions are usually applied in blocks, which is why </span><span lang="EN-US" style="COLOR: black">.NET</span><span style="COLOR: black; FONT-FAMILY: 宋体"> also provides permission sets. Code access permissions are grouped into named sets; the named permission sets are:</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">FullTrust</span><span style="FONT-FAMILY: 宋体">: no permission restrictions</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">Execution</span><span style="FONT-FAMILY: 宋体">: the ability to run, but not to access protected resources</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">Nothing</span><span style="FONT-FAMILY: 宋体">: no permissions; the code cannot execute</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">LocalIntranet</span><span style="FONT-FAMILY: 宋体">: the default policy for the local intranet, a subset of the full set of permissions. For example, file </span><span lang="EN-US">IO</span><span style="FONT-FAMILY: 宋体"> is restricted to read access on the share the assembly originates from</span></p>
<p class="1" style="MARGIN-LEFT: 37.85pt; FTEL: -16.4pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US" style="LETTER-SPACING: 0.1pt">Internet</span><span style="FONT-FAMILY: 宋体; LETTER-SPACING: 0.1pt">: the default policy for code of unknown origin, and the most restrictive policy. For example, code executing under this permission set</span><span style="FONT-FAMILY: 宋体"> has no file </span><span lang="EN-US">IO</span><span style="FONT-FAMILY: 宋体"> capability, cannot read or write event logs, and cannot write environment variables</span></p>
<p class="1" style="MARGIN-LEFT: 37.55pt; FTEL: -16.1pt"><span lang="EN-US">●<span style="FONT: 7pt 'Times New Roman'"> </span></span><span lang="EN-US">Everything</span><span style="FONT-FAMILY: 宋体">: all the permissions in this set, except the permission to skip code verification. The administrator can change the permissions in this permission set. It is useful when the default policy needs to be stronger</span></p>
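<p class="a3" style="MARGIN-TOP: 8.15pt; FTEL: 21.45pt"><span style="FONT-FAMILY: 黑体">Note:</span></p>
<p class="a1" style="FTEL: 21.45pt"><span style="FONT-FAMILY: 楷体_GB2312">Only the definition of the </span><span lang="EN-US">Everything</span><span style="FONT-FAMILY: 楷体_GB2312"> permission set can be modified; the first </span><span lang="EN-US">5</span><span style="FONT-FAMILY: 楷体_GB2312"> permission sets are fixed and cannot be changed.</span></p>
<p class="MsoNormal"><span style="COLOR: black; FONT-FAMILY: 宋体">Because only the </span><span lang="EN-US" style="COLOR: black">CLR</span><span style="COLOR: black; FONT-FAMILY: 宋体"> can grant identity permissions to code, identity permissions cannot be included in permission sets. For example, if a piece of code comes from a particular publisher, it would make no sense for an administrator to grant it the identity permission associated with a different publisher. The </span><span lang="EN-US" style="COLOR: black">CLR</span><span style="COLOR: black; FONT-FAMILY: 宋体"> grants identity permissions where necessary, so that they can be used whenever they are needed.</span></p>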
<h4 style="FTEL: 21.45pt"><span lang="EN-US">1. </span><span style="FONT-FAMILY: 黑体">Viewing an assembly's permissions</span></h4>
<p class="MsoNormal" style="FTEL: 3.25pt"><span style="COLOR: black; FONT-FAMILY: 宋体">Suppose a user is working with a </span><span lang="EN-US" style="COLOR: black">Microsoft</span><span style="COLOR: black; FONT-FAMILY: 宋体"> application and tries to use a feature that has never been used before. The application has no local copy of the code, so it must request the code, which is then downloaded into the global assembly cache. If the code is published over the </span><span lang="EN-US" style="COLOR: black">Internet</span><span style="COLOR: black; FONT-FAMILY: 宋体"> by a particular company </span><span lang="EN-US" style="COLOR: black">(</span><span style="COLOR: black; FONT-FAMILY: 宋体">one that has signed the assembly with a certificate</span><span lang="EN-US" style="COLOR: black">)</span><span style="COLOR: black; FONT-FAMILY: 宋体">, the assembly's code group membership is as shown in Figure </span><span lang="EN-US" style="COLOR: black">14-3</span><span style="COLOR: black; FONT-FAMILY: 宋体">.</span></p>
<p align="center"><span lang="EN-US" style="COLOR: black"><img height="236" src="14/image003.gif" width="401" alt="" /></span></p>
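<p style="FTEL: 8.15pt" align="center"><span style="COLOR: black; FONT-FAMILY: 宋体">Figure</span><span lang="EN-US" style="COLOR: black"> 14-3</span></p>
<p class="MsoNormal"><span style="FONT-FAMILY: 宋体">Under the policy in this example, the code groups </span><span lang="EN-US">All Code</span><span style="FONT-FAMILY: 宋体"> and </span><span lang="EN-US">Internet Code</span><span style="FONT-FAMILY: 宋体"> have only limited permissions, but the code group in the bottom-right corner of the figure grants the assembly the </span><span lang="EN-US">FullTrust</span><span style="FONT-FAMILY: 宋体"> permission. The effective permissions of the assembly are the union of the permissions of all the code groups it belongs to. When permissions are merged in this way, the effective permission is the highest permission granted; that is, every code group the assembly belongs to adds permissions to the assembly's effective permission set.</span></p>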
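<p class="MsoNormal">Added example (not from the book): the union rule above, reproduced with the .NET Framework PermissionSet API. The three sets are constructed stand-ins for the All Code, Internet Code and publisher code groups in Figure 14-3; their exact contents, the class name EffectiveGrant and the path C:\data.txt are assumptions.</p>

```csharp
using System;
using System.Security;
using System.Security.Permissions;

// Added example, not from the book. Group contents are constructed.
static class EffectiveGrant
{
    // Union the grants of every code group the assembly matches.
    public static PermissionSet Resolve(params PermissionSet[] matchedGroups)
    {
        PermissionSet effective = new PermissionSet(PermissionState.None);
        foreach (PermissionSet groupGrant in matchedGroups)
            effective = effective.Union(groupGrant);
        return effective;
    }

    static void Main()
    {
        // Stand-in for All Code: grants nothing by itself.
        PermissionSet allCode = new PermissionSet(PermissionState.None);

        // Stand-in for Internet Code: run, and open files through a dialog only.
        PermissionSet internetCode = new PermissionSet(PermissionState.None);
        internetCode.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
        internetCode.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));

        // Stand-in for the publisher group: FullTrust.
        PermissionSet publisher = new PermissionSet(PermissionState.Unrestricted);

        // What a piece of code might need: write access to one file.
        PermissionSet needed = new PermissionSet(PermissionState.None);
        needed.AddPermission(new FileIOPermission(FileIOPermissionAccess.Write, @"C:\data.txt"));

        PermissionSet unsigned = Resolve(allCode, internetCode);
        PermissionSet signed = Resolve(allCode, internetCode, publisher);

        Console.WriteLine("Without publisher group: unrestricted={0}, file write covered={1}",
            unsigned.IsUnrestricted(), needed.IsSubsetOf(unsigned));
        Console.WriteLine("With publisher group:    unrestricted={0}, file write covered={1}",
            signed.IsUnrestricted(), needed.IsSubsetOf(signed));
    }
}
```

<p class="MsoNormal">Because the grant is a union, reviewing a policy means looking at every code group an assembly can match; one broad group is enough to make the restrictive ones irrelevant for that assembly.</p>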
<p class="MsoNormal"><span style="COLOR: black; FONT-FAMILY: 宋体">Just as you can view the code groups an assembly belongs to, you can also view the permissions granted to those code groups. <span style="LETTER-SPACING: -0.1pt">When you view the permissions, you see not only the code access permissions </span></span><span lang="EN-US" style="COLOR: black; LETTER-SPACING: -0.1pt">(</span><span style="COLOR: black; FONT-FAMILY: 宋体; LETTER-SPACING: -0.1pt">what the code is allowed to do</span><span lang="EN-US" style="COLOR: black; LETTER-SPACING: -0.1pt">)</span><span style="COLOR: black; FONT-FAMILY: 宋体; LETTER-SPACING: -0.1pt"> but also the code identity permissions </span><span lang="EN-US" style="COLOR: black; LETTER-SPACING: -0.1pt">(</span><span style="COLOR: black; FONT-FAMILY: 宋体; LETTER-SPACING: -0.1pt">which give access to the evidence the code presented at run time</span><span lang="EN-US" style="COLOR: black; LETTER-SPACING: -0.1pt">)</span><span style="COLOR: black; FONT-FAMILY: 宋体; LETTER-SPACING: -0.1pt">. To view the permissions of an assembly's code groups, use the following command</span><span style="COLOR: black; FONT-FAMILY: 宋体">:</span></p>
<p class="a6" style="MARGIN-TOP: 8.15pt; MARGIN-LEFT: 21.45pt; MARGIN-RIGHT: 0cm; FTEL: 18.45pt"><strong><span lang="EN-US" style="COLOR: black">caspol.exe -resolveperm assembly.dll</span></strong></p>
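<p class="MsoNormal"><span style="FONT-FAMILY: 宋体">Run this command on an assembly and look at the code access permissions and identity permissions the assembly is granted when it is accessed over the local intranet. <span style="LETTER-SPACING: 0.1pt">If you enter the following command, you see the code access permissions and, at the end, the </span></span><span lang="EN-US" style="LETTER-SPACING: 0.1pt">3</span><span style="FONT-FAMILY: 宋体; LETTER-SPACING: 0.1pt"> identity permissions</span><span style="FONT-FAMILY: 宋体">:</span></p>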
<p class="a6" style="MARGIN-TOP: 8.15pt; MARGIN-LEFT: 21.45pt; MARGIN-RIGHT: 0cm; FTEL: 18.45pt"><strong><span lang="EN-US">caspol.exe -resolveperm http://intranet/assembly.dll</span></strong></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> </span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Microsoft (R) .NET Framework CasPol 1.1.4322.535</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Copyright (C) Microsoft Corporation 1998-2002. All rights reserved.</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> </span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Resolving permissions for level = Enterprise</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Resolving permissions for level = Machine</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Resolving permissions for level = User</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US">Grant =</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"><PermissionSet class="System.Security.PermissionSet"</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> version="1"></span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> <IPermission class="System.Security.Permissions.FileDialogPermission, </span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> mscorlib, Version=1.0.5000.0, Culture=neutral, </span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> PublicKeyToken=b77a5c561934e089"</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> version="1"</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> Access="Open"/></span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> <IPermission class="System.Security.Permissions.IsolatedStorageFilePermission,</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> mscorlib, Version=1.0.5000.0, Culture=neutral,</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> PublicKeyToken=b77a5c561934e089"</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> version="1"</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> Allowed="DomainIsolationByUser"</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> UserQuota="10240"/></span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> <IPermission class="System.Security.Permissions.SecurityPermission, </span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> mscorlib, Version=1.0.5000.0, Culture=neutral,</span></p>
<p class="a6" style="MARGIN-LEFT: 21.45pt; FTEL: 18.45pt"><span lang="EN-US"> PublicKeyToken=b77a5c561934e089"</span></p>